Results 1 to 9 of 9

Thread: Direct access

  1. #1

    Direct access

    Hello

    I have a page lets call it "x.htm" I want to disable direct access to the page and redirect to home page and if a user comes from certain URL lets says www.mysite.com/redirect to x.htm it should show the page but only for the specified redirect URL and all other requests & direct access should be redirected to home page. ANY IDEAS?? is it possible.?

  2. #2
    Join Date
    May 2009
    Posts
    766
    mod_rewrite, HTTP_REFERER...easily spoofed.

    On another note...it seems like this same topic has come up several times in the last week or so. I really wish people would do some basic searches and read a week's worth of threads before posting...

  3. #3
    Quote Originally Posted by mattle View Post
    mod_rewrite, HTTP_REFERER...easily spoofed.

    On another note...it seems like this same topic has come up several times in the last week or so. I really wish people would do some basic searches and read a week's worth of threads before posting...
    thanks for replying friend....can u explain a bit more.....

    Thanks in advance
    Last edited by mohsinkhalid; 10-05-2009 at 05:39 PM.

  4. #4
    Join Date
    May 2009
    Posts
    766
    sure. read these in the following order:

    http://www.workingwith.me.uk/article...ng/mod_rewrite
    http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

    So, in your example you want to have something like this (pseudo-code)

    rewrite condition (http_referer != the referer you want)
    rewrite rule match x.htm --> send 'em to the home page

    Or, just wait around long enough, let someone spoon-feed you the answer and then post again next week because you didn't actually learn anything in the process...

    Sorry...a little grumpy today.

  5. #5
    Hey Thanks for the reply.

    ah I just spent an hour cant figure it out as I am not that advanced user. Anybody here willing to help will be appreciated.

  6. #6
    In PHP $_SERVER['HTTP_REFERER'] variable has the details of the last page it came from.
    But you will need to code in PHP.
    Also as mentioned earlier it can be spoofed. Use it only if the content you display is not TOP SECRET!

    Code:
    PHP Code:
    if($_SERVER['HTTP_REFERER'] != 'www.mysite.com/redirect'){
    header('Location:home.com');
    }
    echo 
    'Message'
    Softaculous - Auto Installer for cPanel, Direct Admin, InterWorx, Plesk, H-Sphere
    The only Auto Installer that installs 260+ scripts. Install in just ONE STEP!
    Virtualizor - VPS Control Panel supporting OpenVZ, Xen, KVM and has 60+ OS Templates
    Webuzo - Softaculous for the Cloud i.e. Softaculous Standalone

  7. #7
    Quote Originally Posted by alons View Post
    In PHP $_SERVER['HTTP_REFERER'] variable has the details of the last page it came from.
    But you will need to code in PHP.
    Also as mentioned earlier it can be spoofed. Use it only if the content you display is not TOP SECRET!

    Code:
    PHP Code:
    if($_SERVER['HTTP_REFERER'] != 'www.mysite.com/redirect'){
    header('Location:home.com');
    }
    echo 
    'Message'
    THanks for replying
    It is Top secret some how....u said dont spoof if it is top secret?

  8. #8
    Anybody?plz help here!

  9. #9
    Join Date
    Aug 2002
    Location
    Superior, CO, USA
    Posts
    633
    mohsinkhalid - the other posters are referring to the way that a browser interacts with a web site.

    When a browser requests a page it traditionally sends something like:

    Code:
    GET /page.htm HTTP/1.0
    Host: www.hostname.tld
    Referer: http://www.hostname.tld/blah/blah/blah.html
    in addition to many other fields. alons and mattle are referring to the "Referer" (no pun intended). You original suggestion was to check if a request for x.html only if they came from another page first - in other words, that the Referer field above is what you expect.

    The issue is that while a normal browser user may not be able to spoof the Referer (thus making a rewrite of the URL work as expected) it is trivial for almost anyone else to fake this. For example, virtually every operating system contains a "telnet" client. You can, as a normal user, telnet to port 80 of a host and type exactly what I showed in my code example. Assuming that you're asking for a valid page you'll get back the HTML associated with the page. I can put in any Referer field that I'd like and your model would allow the page to be viewed.

    So you need to back up. There has to be a better way. Traditionally you'll want to have some sort of login system to access protected resources. What is your backend environment? (PHP, Java, .net, other?) This will drive how you really secure a resource.
    Need Java help? Want to help people who do? Sit down with a cup of Java at the hotjoe forums.

Similar Threads

  1. File Direct Access Disable Help
    By mohsinkhalid in forum Hosting Security and Technology
    Replies: 0
    Last Post: 10-05-2009, 02:11 PM
  2. How to Restrict Direct Access
    By amalan in forum Programming Discussion
    Replies: 7
    Last Post: 03-07-2007, 12:17 AM
  3. How to block direct access to a web page in ASP.Net
    By skakakhel in forum Programming Discussion
    Replies: 2
    Last Post: 09-05-2005, 06:05 PM
  4. dont allow direct access to file?
    By free_2_cheat in forum Programming Discussion
    Replies: 4
    Last Post: 02-03-2004, 02:45 AM
  5. MS Direct Access Licences
    By kcoster in forum Dedicated Server
    Replies: 6
    Last Post: 07-30-2001, 04:35 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •